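Техническая информация
Примечание: подзаголовки разделов в этом тексте не сохранились. Ниже подряд перечислены записи реестра (значение в ключе Run и параметр Start службы), командные строки процессов, пути к файлам, узлы на порту 80, HTTP-запросы, DNS-запросы и класс окна. К какой операции (создание, удаление, перемещение) относится каждый путь к файлу, по тексту определить нельзя. Символы '#' в именах доменов и параметрах URL заменяют часть символов, поэтому эти строки не годятся для точного сопоставления в списках блокировки; их можно использовать только как шаблон с известными началом и концом имени.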
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Profile Task Plug Defender Control' = 'C:\kcuuvulhplw\aptncapmyxe.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Desktop Studio Cryptographic] 'Start' = '00000002'
- 'C:\kcuuvulhplw\efodpvtuu.exe' "c:\kcuuvulhplw\aptncapmyxe.exe"
- 'C:\kcuuvulhplw\aptncapmyxe.exe'
- 'C:\kcuuvulhplw\ss2v90nqfufav8dts.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- C:\kcuuvulhplw\aptncapmyxe.exe
- C:\kcuuvulhplw\efodpvtuu.exe
- C:\kcuuvulhplw\yoopadjyox8
- %WINDIR%\kcuuvulhplw\egrhh89s
- C:\kcuuvulhplw\egrhh89s
- C:\kcuuvulhplw\ss2v90nqfufav8dts.exe
- C:\kcuuvulhplw\efodpvtuu.exe
- C:\kcuuvulhplw\aptncapmyxe.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %WINDIR%\kcuuvulhplw\egrhh89s
- C:\kcuuvulhplw\ss2v90nqfufav8dts.exe
- 'be####clothes.net':80
- 'ga####clothes.net':80
- 'ga####health.net':80
- 'ga####separate.net':80
- 'be####health.net':80
- 'br####eparate.net':80
- 'fl###health.net':80
- 'fl####eparate.net':80
- 'be####distant.net':80
- 'ga####distant.net':80
- 'be####separate.net':80
- 'tr####eparate.net':80
- 'st####health.net':80
- 'st####separate.net':80
- 're####distant.net':80
- 'el####icdistant.net':80
- 'st####distant.net':80
- 'tr####istant.net':80
- 'tr####lothes.net':80
- 'tr###health.net':80
- 'st####clothes.net':80
- 'do###catch.net':80
- 'ag####teearly.net':80
- 'ag####tcatch.net':80
- 'qu####istant.net':80
- 'se####distant.net':80
- 'ag####tdress.net':80
- 'do###dress.net':80
- 'do###public.net':80
- 'do###eearly.net':80
- 'ag####tpublic.net':80
- 'se####clothes.net':80
- 'fl####istant.net':80
- 'br####istant.net':80
- 'br####lothes.net':80
- 'br###health.net':80
- 'fl####lothes.net':80
- 'se####health.net':80
- 'qu####lothes.net':80
- 'qu###health.net':80
- 'qu####eparate.net':80
- 'se####separate.net':80
- 'el####icclothes.net':80
- 'do####eparate.net':80
- 'ag####thealth.net':80
- 'ag####tseparate.net':80
- 'qu###future.net':80
- 'se####future.net':80
- 'ag####tdistant.net':80
- 'do####istant.net':80
- 'do####lothes.net':80
- 'do###health.net':80
- 'ag####tclothes.net':80
- 'se####safety.net':80
- 'fl###future.net':80
- 'br###future.net':80
- 'br###safety.net':80
- 'br###early.net':80
- 'fl###safety.net':80
- 'se###nearly.net':80
- 'qu###safety.net':80
- 'qu###early.net':80
- 'qu###smell.net':80
- 'se###nsmell.net':80
- 'la####istant.net':80
- 'ca####ndistant.net':80
- 'ca####nclothes.net':80
- 'ca####nhealth.net':80
- 'la####lothes.net':80
- 'el####ichealth.net':80
- 're####clothes.net':80
- 're####health.net':80
- 're####separate.net':80
- 'el#####cseparate.net':80
- 'la###health.net':80
- 'de####health.net':80
- 'ni####lothes.net':80
- 'ni###health.net':80
- 'ni####eparate.net':80
- 'de####separate.net':80
- 'la####eparate.net':80
- 'ca####nseparate.net':80
- 'de####distant.net':80
- 'de####clothes.net':80
- 'ni####istant.net':80
- http://be####clothes.net/index.php?me########
- http://ga####clothes.net/index.php?me########
- http://ga####health.net/index.php?me########
- http://ga####separate.net/index.php?me########
- http://be####health.net/index.php?me########
- http://br####eparate.net/index.php?me########
- http://fl###health.net/index.php?me########
- http://fl####eparate.net/index.php?me########
- http://be####distant.net/index.php?me########
- http://ga####distant.net/index.php?me########
- http://be####separate.net/index.php?me########
- http://tr####eparate.net/index.php?me########
- http://st####health.net/index.php?me########
- http://st####separate.net/index.php?me########
- http://re####distant.net/index.php?me########
- http://el####icdistant.net/index.php?me########
- http://st####distant.net/index.php?me########
- http://tr####istant.net/index.php?me########
- http://tr####lothes.net/index.php?me########
- http://tr###health.net/index.php?me########
- http://st####clothes.net/index.php?me########
- http://do###catch.net/index.php?me########
- http://ag####teearly.net/index.php?me########
- http://ag####tcatch.net/index.php?me########
- http://qu####istant.net/index.php?me########
- http://se####distant.net/index.php?me########
- http://ag####tdress.net/index.php?me########
- http://do###dress.net/index.php?me########
- http://do###public.net/index.php?me########
- http://do###eearly.net/index.php?me########
- http://ag####tpublic.net/index.php?me########
- http://se####clothes.net/index.php?me########
- http://fl####istant.net/index.php?me########
- http://br####istant.net/index.php?me########
- http://br####lothes.net/index.php?me########
- http://br###health.net/index.php?me########
- http://fl####lothes.net/index.php?me########
- http://se####health.net/index.php?me########
- http://qu####lothes.net/index.php?me########
- http://qu###health.net/index.php?me########
- http://qu####eparate.net/index.php?me########
- http://se####separate.net/index.php?me########
- http://el####icclothes.net/index.php?me########
- http://do####eparate.net/index.php?me########
- http://ag####thealth.net/index.php?me########
- http://ag####tseparate.net/index.php?me########
- http://qu###future.net/index.php?me########
- http://se####future.net/index.php?me########
- http://ag####tdistant.net/index.php?me########
- http://do####istant.net/index.php?me########
- http://do####lothes.net/index.php?me########
- http://do###health.net/index.php?me########
- http://ag####tclothes.net/index.php?me########
- http://se####safety.net/index.php?me########
- http://fl###future.net/index.php?me########
- http://br###future.net/index.php?me########
- http://br###safety.net/index.php?me########
- http://br###early.net/index.php?me########
- http://fl###safety.net/index.php?me########
- http://se###nearly.net/index.php?me########
- http://qu###safety.net/index.php?me########
- http://qu###early.net/index.php?me########
- http://qu###smell.net/index.php?me########
- http://se###nsmell.net/index.php?me########
- http://la####istant.net/index.php?me########
- http://ca####ndistant.net/index.php?me########
- http://ca####nclothes.net/index.php?me########
- http://ca####nhealth.net/index.php?me########
- http://la####lothes.net/index.php?me########
- http://el####ichealth.net/index.php?me########
- http://re####clothes.net/index.php?me########
- http://re####health.net/index.php?me########
- http://re####separate.net/index.php?me########
- http://el#####cseparate.net/index.php?me########
- http://la###health.net/index.php?me########
- http://de####health.net/index.php?me########
- http://ni####lothes.net/index.php?me########
- http://ni###health.net/index.php?me########
- http://ni####eparate.net/index.php?me########
- http://de####separate.net/index.php?me########
- http://la####eparate.net/index.php?me########
- http://ca####nseparate.net/index.php?me########
- http://de####distant.net/index.php?me########
- http://de####clothes.net/index.php?me########
- http://ni####istant.net/index.php?me########
- DNS ASK be####clothes.net
- DNS ASK ga####clothes.net
- DNS ASK ga####health.net
- DNS ASK ga####separate.net
- DNS ASK be####health.net
- DNS ASK br####eparate.net
- DNS ASK fl###health.net
- DNS ASK fl####eparate.net
- DNS ASK be####distant.net
- DNS ASK ga####distant.net
- DNS ASK be####separate.net
- DNS ASK tr####eparate.net
- DNS ASK st####health.net
- DNS ASK st####separate.net
- DNS ASK re####distant.net
- DNS ASK el####icdistant.net
- DNS ASK st####distant.net
- DNS ASK tr####istant.net
- DNS ASK tr####lothes.net
- DNS ASK tr###health.net
- DNS ASK st####clothes.net
- DNS ASK do###catch.net
- DNS ASK ag####teearly.net
- DNS ASK ag####tcatch.net
- DNS ASK qu####istant.net
- DNS ASK se####distant.net
- DNS ASK ag####tdress.net
- DNS ASK do###dress.net
- DNS ASK do###public.net
- DNS ASK do###eearly.net
- DNS ASK ag####tpublic.net
- DNS ASK se####clothes.net
- DNS ASK fl####istant.net
- DNS ASK br####istant.net
- DNS ASK br####lothes.net
- DNS ASK br###health.net
- DNS ASK fl####lothes.net
- DNS ASK se####health.net
- DNS ASK qu####lothes.net
- DNS ASK qu###health.net
- DNS ASK qu####eparate.net
- DNS ASK se####separate.net
- DNS ASK el####icclothes.net
- DNS ASK do####eparate.net
- DNS ASK ag####thealth.net
- DNS ASK ag####tseparate.net
- DNS ASK qu###future.net
- DNS ASK se####future.net
- DNS ASK ag####tdistant.net
- DNS ASK do####istant.net
- DNS ASK do####lothes.net
- DNS ASK do###health.net
- DNS ASK ag####tclothes.net
- DNS ASK se####safety.net
- DNS ASK fl###future.net
- DNS ASK br###future.net
- DNS ASK br###safety.net
- DNS ASK br###early.net
- DNS ASK fl###safety.net
- DNS ASK se###nearly.net
- DNS ASK qu###safety.net
- DNS ASK qu###early.net
- DNS ASK qu###smell.net
- DNS ASK se###nsmell.net
- DNS ASK la####istant.net
- DNS ASK ca####ndistant.net
- DNS ASK ca####nclothes.net
- DNS ASK ca####nhealth.net
- DNS ASK la####lothes.net
- DNS ASK el####ichealth.net
- DNS ASK re####clothes.net
- DNS ASK re####health.net
- DNS ASK re####separate.net
- DNS ASK el#####cseparate.net
- DNS ASK la###health.net
- DNS ASK de####health.net
- DNS ASK ni####lothes.net
- DNS ASK ni###health.net
- DNS ASK ni####eparate.net
- DNS ASK de####separate.net
- DNS ASK la####eparate.net
- DNS ASK ca####nseparate.net
- DNS ASK de####distant.net
- DNS ASK de####clothes.net
- DNS ASK ni####istant.net
- ClassName: 'Shell_TrayWnd' WindowName: ''